Developers, please be careful when installing Homebrew. Google is serving sponsored links to a Homebrew site clone that has a cURL command to malware. The URL for this site is one letter different than the official site.
Note: Google allows the ad sponsors to specify an URL that will be displayed on the ad (original brew.sh here), but the click takes you to the malware domain brewe.sh.
@hardyjohnson @kravietz this makes me wonder if there's a way to get curl to use an allow list for hosts; if I haven't put it in the list, it doesn't connect. would make me scrutinize anything that didn't work more.
I can't see an option directly, but I think a script wraapper that removed any proxy/noproxy options, added an unresolvable proxy (eg, notinallowlist.local), and then noproxied the allow-list would do it.
tested it, that works. Let's see how annoying this wrapper gets
@bazzargh @hardyjohnson @kravietz Piping to shell is _never_ safe.
TLDR: it's possible for a malicious site to server-side detect if the script is being curl-piped-to-bash and serve up a different script than the one you think you're getting.
kravietz 🦇
hardyjohnson
bazzargh
Skullvalanche